Smart Cards in Java Kerberos
Ostap Andrusiv
pifostap at gmail.com
Tue Jun 25 12:52:18 UTC 2013
Hi everyone,
I've been playing with smart cards and faced some issues.
Long story short:
*Prerequisites*:
- I set up a basic Kerberos realm via Windows Active Directory.
- I managed to successfully login into service via *login/password* pair
using Java Kerberos(Krb5LoginModule), which is provided via JAAS.
Now I try to implement Kerberos login via smart card. Smart card
preauthentication in Kerberos is done via AS-REQ/AS-REP messages (
PA-PK-AS-REQ/P extensions). Unfortunately, JAAS Kerberos hasn't used the
smartcard. As far as I have seen, there were no PA-PK-AS-REQ/P extensions
in openjdk sources. Maybe, I missed something.
*Question*:
1. Does Java Kerberos support smart card preauthentication out of the box?
2. If it doesn't, can I somehow extends existing Kerberos module or should
I implement whole Kerberos from the ground up?
Thanks in advance,
Ostap Andrusiv
web: http://andrusiv.com
skype: ostap.andrusiv
::p!F
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20130625/2f541524/attachment.htm>
More information about the security-dev
mailing list